Unrated severityNVD Advisory· Published Oct 8, 2019· Updated Aug 4, 2024

CVE-2019-10215

Description

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.

Affected products

osv-coords58 versions
pkg:rpm/suse/cobbler&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/koan&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/spacewalk-remote-utils&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/spacewalk-remote-utils&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/uyuni-base&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/uyuni-base&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2015
< 2.6.6-49.26.3+ 57 more
- (no CPE)range: < 2.6.6-49.26.3
- (no CPE)range: < 2.6.6-49.26.3
- (no CPE)range: < 2.6.6-49.26.3
- (no CPE)range: < 2.6.6-49.26.3
- (no CPE)range: < 0.1.1590413773.a959db7-1.12.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 2.18.0-3.3.1
- (no CPE)range: < 2.18.0-1.12.2
- (no CPE)range: < 2.18.0-3.12.2
- (no CPE)range: < 7.0.3-1.9.3
- (no CPE)range: < 7.0.3-1.9.2
- (no CPE)range: < 2.9.0-4.15.2
- (no CPE)range: < 4.1.2-1.12.3
- (no CPE)range: < 4.1.2-1.12.4
- (no CPE)range: < 4.1.1-1.6.1
- (no CPE)range: < 4.1.1-1.6.2
- (no CPE)range: < 4.1.1-1.14.2
- (no CPE)range: < 4.1.1-1.14.2
- (no CPE)range: < 4.1.2-1.15.2
- (no CPE)range: < 4.1.2-1.15.2
- (no CPE)range: < 4.1.1-1.6.3
- (no CPE)range: < 4.1.1-1.6.4
- (no CPE)range: < 4.1.1-1.14.3
- (no CPE)range: < 4.1.1-1.14.2
- (no CPE)range: < 4.1.2-21.22.2
- (no CPE)range: < 4.1.2-3.16.2
- (no CPE)range: < 4.1.4-38.61.2
- (no CPE)range: < 4.1.4-3.38.2
- (no CPE)range: < 4.1.5-52.32.2
- (no CPE)range: < 4.1.5-3.23.2
- (no CPE)range: < 4.1.1-24.12.2
- (no CPE)range: < 4.1.1-3.9.2
- (no CPE)range: < 4.1.1-19.12.1
- (no CPE)range: < 4.1.1-3.6.3
- (no CPE)range: < 4.1.1-24.15.3
- (no CPE)range: < 4.1.1-3.12.4
- (no CPE)range: < 4.1.2-6.15.1
- (no CPE)range: < 4.1.2-3.9.2
- (no CPE)range: < 4.1.2-25.9.2
- (no CPE)range: < 4.1.2-3.6.2
- (no CPE)range: < 4.1.1-1.3.1
- (no CPE)range: < 4.1.1-1.3.2
- (no CPE)range: < 4.1.5-1.3.2
- (no CPE)range: < 4.1.5-1.3.2
- (no CPE)range: < 1.0.7-30.21.2
- (no CPE)range: < 1.0.7-3.12.2
Red Hat/bootstrap3-typeahead.jsv5
Range: after version bootstrap3-typeahead 4.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:3771mitrevendor-advisoryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000